On Sun, Mar 17, 2024 at 5:32 PM Richard Barnes <r...@ipv.sx> wrote:
>
> Hi Watson,
>
> I appreciate the concerns with regard to re-using Web PKI certs for cases 
> such as these.  Care is required, but I think there is a path here.
>
> 1. Clearly there are cross-protocol concerns.  I expect that most usage here 
> in reality would be based on ECDSA / EdDSA, not RSA, which helps.  I would be 
> comfortable with security considerations recommending that a key pair / 
> certificate used for signing these things be used for no other purpose.
>
> 2. Validity times are definitely a challenge for the container signing use 
> case, but from the conversations I've had with that community, they are 
> taking an orthogonal approach.  As I tried to sketch in the document, they 
> are establishing authorities that will vouch that a signed thing existed at a 
> given time, so that a relying party can safely rewind their clock and 
> validate as if it were that time.  See, e.g., SigStore 
> <https://www.sigstore.dev/>, which has roughly this shape if you squint right.

That should work out: might want a security considerations section saying this.

>
> 3. I don't think there's actually any disconnect between HTTPS authentication 
> and proof of authority.  The Web PKI is about authenticating domain names, 
> which is what both use cases require.

Only with certain validation methods. Others, like an agreed-upon change
to site content, have a narrower scope, and the BRs reflect this
subtlety. To be honest, you're probably safe, and I am not the expert
here.

Sincerely,
Watson

--
Astra mortemque praestare gradatim
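Point 2 of the quoted reply (a relying party "rewinds the clock" to a time a trusted authority attests the signature existed) and point 1 (a signing certificate used for no other purpose) are easy to state and easy to get wrong in code. The following is an added example, not code from this thread, the draft under discussion or Sigstore. It uses only Go's standard library, generates a throwaway CA and a ten-minute leaf certificate, and verifies the chain with `x509.VerifyOptions.CurrentTime` set to the attested time rather than the wall clock. The `bundle` type, the `verifyAsOf` and `makeFixture` names, the certificate names and the payload are all constructed for the example, and the example assumes the attestation from the log or timestamp authority has already been checked separately.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// bundle is what a relying party receives: the payload, an ECDSA signature
// over it, the signer's short-lived certificate, and the time at which a
// trusted authority (a transparency log or timestamp service) attests the
// signature already existed. Checking that attestation is assumed done.
type bundle struct {
	payload      []byte
	sig          []byte
	leaf         *x509.Certificate
	attestedTime time.Time
}

// verifyAsOf rewinds the clock to attestedTime: the chain must have been
// valid at that instant, the leaf must carry the code-signing EKU (so a
// certificate issued only for TLS is rejected), and the signature must
// verify under the leaf key.
func verifyAsOf(b bundle, roots *x509.CertPool) error {
	opts := x509.VerifyOptions{
		Roots:       roots,
		CurrentTime: b.attestedTime,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	if _, err := b.leaf.Verify(opts); err != nil {
		return err
	}
	pub, ok := b.leaf.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("leaf key is not ECDSA")
	}
	digest := sha256.Sum256(b.payload)
	if !ecdsa.VerifyASN1(pub, digest[:], b.sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

// makeFixture builds a constructed CA and a leaf certificate valid for ten
// minutes from issuedAt with the given extended key usage, signs payload
// with the leaf key, and returns a bundle attested one minute after issuance.
func makeFixture(issuedAt time.Time, payload []byte, eku x509.ExtKeyUsage) (bundle, *x509.CertPool, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return bundle{}, nil, err
	}
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Test CA"},
		NotBefore:             issuedAt.Add(-time.Hour),
		NotAfter:              issuedAt.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return bundle{}, nil, err
	}
	caCert, _ := x509.ParseCertificate(caDER)

	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "signer.example"},
		NotBefore:    issuedAt,
		NotAfter:     issuedAt.Add(10 * time.Minute),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{eku},
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, caCert, &leafKey.PublicKey, caKey)
	if err != nil {
		return bundle{}, nil, err
	}
	leaf, _ := x509.ParseCertificate(leafDER)

	digest := sha256.Sum256(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, leafKey, digest[:])
	if err != nil {
		return bundle{}, nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return bundle{payload, sig, leaf, issuedAt.Add(time.Minute)}, roots, nil
}

func main() {
	// Signing happened two days ago, so the ten-minute certificate is long expired.
	issued := time.Now().Add(-48 * time.Hour)
	b, roots, err := makeFixture(issued, []byte("constructed artifact"), x509.ExtKeyUsageCodeSigning)
	if err != nil {
		panic(err)
	}
	fmt.Println("rewound to attested time:", verifyAsOf(b, roots)) // nil
	b.attestedTime = time.Now()
	fmt.Println("checked against wall clock:", verifyAsOf(b, roots)) // expired
}
```

The design point is that the rewind is only as trustworthy as the attestation: an attested time that falls after the leaf's `NotAfter` is correctly rejected, and the attested time must come from the log entry, never from the signer's own claim. Requiring `ExtKeyUsageCodeSigning` in `KeyUsages` is the mechanical form of the "used for no other purpose" recommendation in point 1.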

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth